WordPress Woffice Theme <= 5.4.10 is vulnerable to Privilege Escalation

Software Woffice Type Theme Vulnerable versions = 5.4.10 Fixed in 5.4.12 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-43153 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f1d354bce137 Credits Rafie Muhammad...

WordPress Hummingbird Plugin <= 3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Hummingbird Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43117 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 6f3eebbe9837 Credits Rafie Muhammad Patchstack...

WordPress The Next LVL Theme <= 1.1.0 is vulnerable to PHP Object Injection

Software The Next LVL Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7561 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID b79740b6d53a Credits Francesco Carlucci Required privilege...

WordPress Spectra Plugin <= 2.14.1 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.14.1 Fixed in 2.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-7590 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a51e418171d1 Credits João Pedro S Alcântara Kinorth Required...

WordPress Post Grid Master Plugin <= 3.4.10 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid Master Type Plugin Vulnerable versions = 3.4.10 Fixed in 3.4.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43156 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d887b01a498 Credits Dimas Maulana Required...

WordPress TypeSquare Webfonts Plugin <= 2.0.7 is vulnerable to Broken Access Control

Software TypeSquare Webfonts Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43120 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d917faff73 Credits Rafie Muhammad Patchstack...

WordPress BookingPress Plugin 1.1.6 - 1.1.7 is vulnerable to Broken Authentication

Software BookingPress Type Plugin Vulnerable versions 1.1.6 - 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-7350 Patch priority Low CVSS severity Low 10 Developer Claim ownership PSID a00d0a9226a3 Credits Gibran Abdillah Required...

WordPress BerqWP Plugin <= 1.7.6 is vulnerable to Arbitrary File Upload

Software BerqWP Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-43160 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1bde7f9c6c84 Credits Dave Jong Patchstack Required privilege...

WordPress Import and export users and customers Plugin <= 1.26.8 is vulnerable to Sensitive Data Exposure

Software Import and export users and customers Type Plugin Vulnerable versions = 1.26.8 Fixed in 1.26.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-38787 Patch priority Low CVSS severity Low 7.5 Developer Codection PSID a113b5766398 Credits emad...

WordPress HUSKY Plugin <= 1.3.6.1 is vulnerable to Privilege Escalation

Software HUSKY Type Plugin Vulnerable versions = 1.3.6.1 Fixed in 1.3.6.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-43121 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID d01fc5fea986 Credits Rafie Muhamma...

WordPress Robin image optimizer Plugin <= 1.6.9 is vulnerable to Broken Access Control

Software Robin image optimizer Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43122 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a94e3ea55a34 Credits Joshua Chan...

WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Extensions for Elementor versions = 2.0.31...

WordPress WP-PostRatings plugin <= 1.91.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WP-PostRatings versions = 1.91.1...

WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Easy Digital Downloads versions = 3.2.12...

WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.1.1...

WordPress Custom 404 Pro plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Custom 404 Pro versions = 3.11.1...

WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Black Widgets For Elementor versions = 1.3.5...

WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin RegistrationMagic versions = 6.0.0.1...

WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Social Feed Gallery versions = 4.3.9...

WordPress WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability

Broken Access Control + CSRF vulnerability discovered by emad Patchstack Alliance in WordPress Plugin WordPress File Upload versions = 4.24.7...